Earlier this month news emerged about a flaw in the DNS standard that could allow attackers to redirect Internet requests to wherever they want – such as sites that engage in phishing or malware distribution. While Dan Kaminsky was hoping to wait until the Black Hat Conference to release details of the flaw he discovered, it appears that another researcher has jumped the gun and posted a hypothesis on how to exploit it.
On his blog, Halvar Flake described how an attacker could conduct DNS cache poisoning by flooding the server with requests until a forged answer is accepted in place of the legitimate one. The technique also involves redirecting the name server to an IP address set up by the attacker and relies on “bailiwick checking.” Matasano Security was already in on the details of the flaw and posted confirmation of Flake’s hypothesis, adding that an attacker with a fast Internet connection would need only about 10 seconds to carry out such an attack.
Kaminsky, for his part, has declined to comment on Flake’s speculation but urged DNS operators to patch their servers immediately.